Lionel Elie Mamane
lionel at mamane.lu
Tue Oct 17 12:59:54 CEST 2006
On Fri, Sep 29, 2006 at 08:41:46AM -0400, David Shaw wrote:
> On Fri, Sep 29, 2006 at 07:11:12AM +0200, Lionel Elie Mamane wrote:
>> On Sat, Sep 23, 2006 at 03:15:07PM +0200, Carlo Luciano Bianco wrote:
>>> I just try to summarize what I understood from this thread about
>>> OpenPGP implementation of DSA and RSA signatures, so you can correct
>>> me if I am wrong: ;-)
>>> - DSA does not support "firewalled hashes"
>> Not exactly. Version 3 DSA signatures lack a hash firewall. But
>> version 4 DSA signatures do have a hash firewall. The version refers
>> not to a version of DSA itself, but the version of the OpenPGP packet
>> format being used.
> This is not correct. No DSA signatures in OpenPGP, whether v3 or
> v4, have a hash firewall.
I got that idea from this language in the RFC:
A V4 signature hashes the packet body
starting from its first field, the version number, through the end of
the hashed subpacket data. Thus, the fields hashed are the signature
version, the signature type, the public key algorithm, the hash
algorithm, the hashed subpacket length, and the hashed subpacket
Doesn't the fact that the they hash algorithm identifier is hashed
into what is DSA-signed establish a hash firewall?
More information about the Gnupg-devel